CVE-2013-4428

Currently unrated

Key Information:

Vendor: Openstack
Status: Glance
Vendor: CVE Published:; 27 October 2013

Summary

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

References

http://rhn.redhat.com/errata/RHSA-2013-1525.html

vendor-advisoryx_refsource_REDHAT

http://www.ubuntu.com/usn/USN-2003-1

vendor-advisoryx_refsource_UBUNTU

https://launchpad.net/glance/+milestone/2013.1.4

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 27, 2013
Vulnerability Reserved
Jun 12, 2013